Last updated on January 15, 2019
Within the framework of its activities, the ASSOCIATION DENTAIRE FRANÇAISE may be led to implement the collection and processing of certain personal data within the meaning of the General Regulation of the European Parliament and of the Council on the protection of personal data No. 2016/679 of 27 April 2016 (hereinafter the “RGPD”) and the French Data Protection Act No. 78/17 of 6 January 1978 as amended by Act No. 2018/493 of 20 June 2018 (hereinafter the “Data Protection Act”).
The present confidentiality charter has been drawn up to enable persons who interact with the FRENCH DENTAL ASSOCIATION (hereinafter “You”, “Your” or “Yours”) to understand what data is collected by the ADF, for what purposes, and what their rights are in this regard.
1. Who is responsible for the data processing implemented?
2. When is personal data collected and processed by ADF?
The ADF may collect and process personal data within the meaning of the RGPD and the French Data Protection Act in several situations:
- In the context of the organization and running of its annual congress: the ADF receives registration requests from participants, processes invitations, organizes speakers’ interventions, manages requests for stands from exhibitors;
- When the ADF manages its internal and associative life, in particular when it organizes the meetings of its members. The ADF may also use personal data of practitioners collected from professional directories;
- In the context of the sale of publications or online training on the Sites: the ADF collects information about the person placing the order;
- When you browse the Sites, independently of the purchase of publications or training, ADF may collect certain technical personal data
- When ADF enters into a contract with a service provider: ADF may collect certain personal data about the service provider or its representative.
3. What personal data is collected and processed by ADF?
ADF applies the principle of data minimization, which means that it only collects and processes personal data that is strictly necessary for the achievement of its corporate purpose.
Indeed, ADF does not trade in personal data. The collection and processing of data is carried out by ADF only to enable it to carry out its associative activities, including the organization of its annual congress.
The data collected and processed by the ADF are the following:
- When You register to attend the ADF Annual Congress as a delegate: When You register for an edition of the ADF Annual Congress, in order to be able to attend, You must provide elements relating to Your identity (surname, first name, gender, date of birth, passport number), Your postal address, information of a professional nature (ADELI number, RPPS number, year of graduation, faculty of origin, academic title, mode of practice, specialty, SIRET number), means of contacting You (e-mail address, telephone number) as well as a bank account identification statement to allow for Your possible reimbursement ;
- When registering to participate in the ADF Annual Congress as a speaker: as a speaker who will be giving training sessions during the ADF Annual Congress, You must provide information concerning Your identity (title, last name, first name, date of birth), Your address, means of contacting You (e-mail address, telephone number), as well as a bank account number to allow for Your reimbursement;
- When registering to participate in the ADF Annual Congress as an exhibitor: as an exhibitor at the ADF Annual Congress, You must provide certain information regarding Your identity (last name, first name), Your address, means of contacting You (telephone number, fax number, e-mail address) as well as bank details;
- When the ADF manages its internal life: the ADF keeps a register of its members and members of internal commissions: identity (name, first name), address, and means of contact (telephone number, fax number, e-mail address)
- As a dental practitioner: the ADF obtains certain personal data about you from professional directories. This is only information related to your professional practice;
- When you browse the Sites, certain personal data about You are collected and processed by Us. This data is collected automatically. It is: the IP (Internet Protocol) address of the computer terminal that You are using, the date and time of connection, the type of computer used, the operating system and the navigation software used, the resolution of your screen, as well as the name of your Internet access provider. We also keep track of which pages of the Sites You have visited. We use this data to personalize your navigation on the Sites, to ensure the correct establishment of the connection, to evaluate the security of the system and to obtain usage statistics. This data is collected by means of cookies, which are text files that are then stored on the storage medium of your terminal.
4. On what legal basis is personal data collected and processed?
ADF does not collect or process personal data unlawfully. All personal data collected and processed by ADF are indeed collected and processed under a duly identified legal basis:
– For the most part, the data We collect is necessary for the performance of a contract between You and Us, for example because You have wished to attend the ADF Annual Congress as a delegate, speaker or exhibitor, or because You are a selected provider of services to ADF;
– Some of the data collected automatically is necessary for the legitimate purposes that We pursue, in particular our associative life, it being specified that neither the collection nor the processing of this data is likely to infringe on the interests or fundamental freedoms that are Yours;
– The other personal data that We collect and process are collected and processed on the basis of Your consent. In this respect, We invite You to communicate to Us only strictly necessary information.
If so-called “sensitive” data is collected within the meaning of the RGPD and the French Data Protection Act, it only concerns Your membership of a professional association; this data collection, which is part of the legitimate activities of the ADF, itself an emanation of professional associations, is implemented with appropriate guarantees: the processing of this data relates exclusively to members or former members of the ADF or to persons who have regular contact with the ADF, in connection with its purposes. These data are not communicated outside the ADF without Your consent.
5. How do we use the data we collect?
ADF only uses the personal data collected in the cases described above for specific and legitimate purposes, which are strictly related to its activities, in accordance with its corporate purpose.
Broadly speaking, these purposes are as follows:
- Primarily, this data is used for the proper execution of a contract and its consequences: this is notably the case for Your contact information. It will thus be used for your registration to the congress, confirmation of admission, invoicing and/or payment of expenses, and even, depending on the case, for the issuance of certificates. It may also be used to process an order for training on the Sites;
- This data may be processed for the purposes of managing Our relationship with You, in particular the sending of electronic information messages or satisfaction surveys;
- This data may be used for internal purposes within the ADF, for example to manage the invitation of ADF members to meetings or commissions, or even to establish statistics on attendance at the ADF Congress;
- Finally, some information is useful to Us to administer the Sites. We analyze it (directly or through third parties with whom We contract) in order to establish usage statistics (for example, in order to understand which pages are the most frequented) and to improve the Sites by enhancing its functions and features. They will allow Us to improve our product (publications, training) or service offerings. We may also use the address of Your terminal in order to fight certain cases of fraud, including identity theft.
6. To whom is the data we collect disclosed?
The personal data we collect is primarily useful to the ADF itself. This data is thus intended for the various ADF departments concerned (congress management department, ADF member management department, ADF commission management department, ADF administrative departments, ADF IT department, etc.).
This data may also be transmitted to certain recipients listed below, namely
- Our service providers: we may contract with third party service providers, in particular to help us organize the congress. These service providers may, for example, be responsible for controlling access to the conference, issuing badges, etc. We also use the services of Sarbacane to send our information or prospecting emails.
- Authorities: We will have to cooperate, if necessary, with the authorities, state, administrative or judicial, in particular the supervisory authorities in charge of ensuring the execution of the RGPD and the Data Protection Act, when We are obliged to do so. Therefore, We reserve the right to disclose any information collected within the framework of Our activities to the competent authorities when We are required to do so, for example within the framework of an investigation resulting from a bank card theft.
7. How long does ADF keep Your personal data?
ADF keeps your personal data in an identifiable form for only as long as is necessary to fulfil the purpose of the processing concerned. Thus, schematically:
- Data relating to the congress (in particular the list of participants or speakers) are kept for a period of 3 years;
- Data relating to the members of the association’s bodies (including committees) are kept for a period of 10 years;
- Data relating to transactions on the Sites are kept for a period of 3 years;
- Data collected automatically and concerning Your browsing session on the Sites are automatically deleted when You log out.
The other data, in particular the statistics, are kept in an anonymized form that does not allow Your identification.
8. What are Your rights regarding Your personal data?
ADF respects the rights granted to You by the RGPD and the French Data Protection Act.
Thus, You have the right to request access to the personal data concerning You that are kept by the ADF, as well as the rectification or deletion of such data, or even the limitation of the processing of personal data concerning You, as well as the right to object to their processing.
However, in case of limitation of processing or opposition to processing, ADF may no longer be able to process your registration for the annual congress, for example. In addition, if you exercise your right to object or your right to be forgotten, some information may still be retained by ADF in order to comply with its legal obligations.
You can also define directives relating to the conservation, deletion and communication of Your personal data after your death. In the absence of such instructions, Your personal data will be retained in accordance with the paragraphs above, unless Your heirs request earlier deletion.
To exercise these rights, You may send an e-mail to email@example.com
Furthermore, You are informed that You can oppose telephone canvassing by registering on the website www.bloctel.fr.
Finally, You have the right to lodge a complaint at any time with the competent supervisory authority for data protection. To do so, You can contact the competent supervisory authority for data protection in the region where You live or, in any case, the CNIL for France: www.cnil.fr.
9. How are Your personal data protected?
In its capacity as data controller, ADF undertakes to implement and maintain, at its own expense, appropriate technical and organizational measures for the processing and security of personal data, in accordance with Articles 32 to 34 of the RGPD and 70-13 of the French Data Protection Act.
ADF ensures that these technical and organizational measures are at all times adapted to the particular risks presented by its processing activities, with regard to the nature of the information that may be collected by it, in particular to protect Your personal data against destruction, loss, modification, unauthorized disclosure, accidental or unlawful.
Thus, with respect to the technical measures implemented by ADF :
- All personal data is stored on servers located in France;
- All information concerning the banking transaction is encrypted during transmission via an SSL connection from the source to the target. Bank card data is not collected or stored by ADF;
Regarding organizational measures:
- Only a limited number of ADF staff members are authorized to have access to personal data concerning You;
- Access to data is protected by usernames and passwords;
- The servers used are controlled by security groups.
ADF also undertakes to keep, update and maintain complete and accurate records of the personal data processing carried out by ADF. These records detail its processing activities.
10. Are international data transfers implemented?
Your personal data is stored on servers located in France. No international transfer of personal data is authorized.
11. Do you have additional questions?
If you have any further questions about how ADF collects and processes your personal data, please contact Us at the following address: firstname.lastname@example.org